I contacted ConnectWise through their support system and a very active member of the Control forum staff directly through the forum to report this issue 8 days ago, the day after Chrome 66 was released. The forum is still using a disavowed Symantec certificate.

Big deal/what's the risk? This forum is the epitome of a "watering hole." Members of this forum are known to use specific software that grants remote access to potentially thousands of devices per compromised user, making them high value targets. The "proceed anyway" option to ignore the certificate issue encourages forum members to access risky content through the ConnectWise site (such as malicious embedded images that might respond with evil headers), which could potentially infect ConnectWise Control forum users (and thus their users' users) with malware.

Why not just visit the forum without SSL/TLS? That's a joke. Every website should be using HTTPS these days. There's no valid reason not to use SSL/TLS today.

ConnectWise implemented a "fix" for this - to force connections not to use HTTPS. The fix strips away the context during the redirect, resulting in any direct HTTPS link being shoved to the root of the forum. This means that all the email messages sent from the forum lose their context by the time the link goes through. Password reset messages? Forget about it. Message notifications? Homepage only. Every deep link ever made to HTTPS content in the forum is lost.

Moreover, it still means that every login to this forum isn't secured.

Seriously - is this really the best we can expect from an organization we rely on for 'secure' connectivity to our client computers?

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.